Posted
by
ScuttleMonkey
on Friday April 17, 2009 @11:56AM
from the putting-tread-on-the-slippery-slope dept.

NewYorkCountryLawyer writes "A Swedish internet service provider, Bahnhof, has begun deleting customer identification information in order to prevent it from being used as evidence against its customers under Sweden's new legislation against copyright infringement via peer-to-peer file sharing. According to this report on 'The Local,' it is entirely legal for it to do so. The company's CEO, Jon Karlung, is identified as 'a vociferous opponent of the measures that came into force on April 1st,' and is quoted saying that he is determined to protect the company's clients, and that 'It's about the freedom to choose, and the law makes it possible to retain details. We're not acting in breach of IPRED; we're following the law and choosing to destroy the details.'"

Good job idiot! Now Slashdot's owners are going to go to jail for a year too! Of course, the site is commercially orientated, they probably make money off it and everything.... it's probably fair then.

While I love this decision also, I find it sad that we now applaud people who want to take care of their customers... Didn't that used to be a given?

Speaking as someone that handles consumer's problems - you are correct. There's nothing I hate more than hearing "Sorry for your inconvenience." - especially from airline employees!

Oh yeah! How about, the next time you're on strike and bitching about how you're not making enough, I walk up to you and say, "Sorry about the inconvenience!"

Here's the thing, with this shitty economy, companies are seeing the light! Amen! They're paying attention to customers. Just walk into a Home Depot now. I got asked 4 times if I found what I'm looking for! Now, they're pissing me off for being so helpful. Talk about the pendulum swinging!

P.S. To you Aladrin: I see that big orange ball by your userID. For what it's worth, whatever I said, I meant nothing personal, but I stand by my opinions. I take responsibility for what I've said that has offended you. Judge me as you will.

Unfortunately a man who has his spine intact is a rare sight these days. Too many people don't understand that being petty and easily upset so that you respond with anger to whatever you dislike is the wrong kind of strength. That anger looks forceful and powerful but there is a great deal of cowardice behind it that comes from looking everywhere but within for your joy and your strength. Thus, anger is almost always about control of externals. It's also being strong in the wrong way because it is a compensation for weakness rather than a removal of weakness.

What you have provided a good counter-example against are the people-pleasers who derive their being and their self-worth (of a worthless sort) from the approval of others. Thus, they have no idea how to be their own person and they have conflict and frustration because their life is not really theirs. Such people usually believe that they are living their own lives because they have personally identified with those external influences that control them, which is why this system is so effective and why so few come to understand it. It needs this deception to work, which is why understanding it is the same thing as having freedom from it.

For you, it may be rather easy to understand that when you have a nation full of people with such weakness, it sets the stage for a powerful government to cater to it. If those people were whole and joyous and complete in the right way, the sort of comfort and security that government can offer would not be tempting to them. There are also economic and political reasons for it, of course, but this is the predecessor to fascism that no one in the media talks about. It is, in fact, the one enabler that makes all of the others possible. The mainstream media really can't talk about it and still have high ratings because most of the population has become this way. Of course, high ratings are more valuable to them than a chance to promote joyous, secure, sane people who cherish freedom. There's not much else to know about what sort of people they are.

Actually, that, combined with this, has made me consider a switch from Bredbandsbolaget (a major Sweidsh ISP) to them. They have pretty decent pricing too, and I have no problems at all with BBB -- rather to the contrary. But it would simply feel good to be an ISP customer where the CEO shared my ideals.:-) And know that they at least try to protect the privacy of their customers. That's so little of a given these days that it's scary.

Better yet, if you live in Sweden move your Internet connection over to his ISP. This is a very rare chance to financially support someone who is trying to protect your privacy while having little net cost for yourself.

I hope all the teabaggers who were at the big Fox News Tea Bag Rallies here in the US on Wednesday take note that this head of a company who is striking a blow for the privacy of his customers and liberty in general is acting in what they deridingly refer to as a "European Socialist" country.

If this is European Socialism, I want some of that right here in America and the sooner the better.

What was the last time an American CEO did something like this for his customers?

Heck, if you sell uncapped, un-metered always-on connectivity, you don't need any logs at all. You need to set up a user name and password, or authorize a MAC address, or energize a particular port on a switch, or something. But it doesn't _matter_ if it ever gets used... the bills are because "you signed up and the month has ended." So you don't need to log it; you just need a way of turning it on when someone starts paying, and off when they stop.

I wish ISPs could do that here in the UK, but they are required to keep those kinds of logs for at least a year. The government even pays for the equipment to do the logging. Unfortunately I suppose Sweden will be passing similar laws soon.

By using such information for hunting file-sharers they pretty much breached the trust relationship with the ISP. If the ISP could keep the data and only give it out in cases of child porn I'm sure they would keep them.. But the law doesnt make that distinction so the only option left to protect his customers is to not keep the data.

Actions have consequences. Sometimes an idea will bite you in the ass in unintended ways... Like the diesel-fuel added to processes in paper-production factories to get money ev

If they don't get a wad of cash with an account number attached, then they cut off service for that account. Doesn't matter who pays, so long as the account number is valid. Maybe some people could pay with credit cards, but they just pay for a different account each month (maybe theirs, maybe not). No need for bills, although it leaves the customer with no recourse if they cut off service illegitimately.

I'd love to know how they can bill people without even knowing their name though.

The headline is a little deceptive. It sounds like what's actually going on is that they don't retain logs. From a comment to the article:

To clarify, we (Bahnhof) have not "begun deleting information" of any kind, we have always discarded this sort of informationcouplings in the earliest stage possible in our ongoing efforts to provide iNTeGriTY-marked(swedish language ahead) broadband for our customers.

Considering all that customer data is to the company is a potential liability, why would any ISP in Sweden choose to retain that information?? Especially considering it is perfectly legal for them to get rid of it. Keeping the data around will do absolutely no good for the company, and could possibly harm their customers. Last I heard, you want to keep you customers happy if you want them to keep paying for your services.

Stefan Johansson, deputy director at the Swedish justice ministry, confirmed that Bahnhof was not breaking the law by choosing to destroy IP address details.
"The IPRED regulations do not entail any obligation of this kind. They are only concerned with the retrieval of existing information," he said.

If the legislation is enacted, Karlung said Bahnhof would continue to stay within the bounds of the law.
"If the state decides that everything has to be handed over to various private organisations[sic], then we will of course comply, even if I think it's unfortunate and hope public opinion pushes the matter in a different direction," he said.

According to wikipedia, the Swedish constitution prohibits Ex Post Facto criminal laws, so again, they should be just fine.

I hope this won't be like what happens in the US where the company deletes data, but when pressured by the courts, they happen to recover a backup.

It's worked out GREAT for libraries in the US. The PATRIOT act requires that libraries give up book borrowing records without even a warrant. So within a year or two pretty much all of the common library management software packages were updated to delete all record of who/where/when/what was borrowed as soon as the book is returned. Few people would ever guess it, but most librarians are almost militant about patron privacy.

Aside from the Bond datacenter fulfilling those requirements (give or take), chances are that if they're a legitimate concern then you've got other more pressing issues to deal with. Such as your impending vaporization.

Judging by the recent trial of TPB, following the letter of the law in Sweden is not enough to defend yourself if the case ends up in court.

TPB's trial is the norm rather than the exception. If you think the letter of the law is enough to keep you safe in court try getting out of a traffic ticket where you know you're in the right. This applies in any country.

I got out of a traffic ticket, and I was guilty. I hired flesh-eating bacteria to infect the leg of the officer so he couldn't show up in court. Ok, I'm making up the 'hired' part, but flesh-eating bacteria is why my ticket got thrown out. (I think I would have won anyway, because the signal was defective, but it really was red when I went thru it...)

They are actually claiming to follow another law from 2003 called the Swedish Electronic Communications law. It states that traffic information should be deleted or anonymized when it is no longer needed to transmit the electronic message.

I suppose I don't know how it is in Sweden, but I beileve in America for there to be 'destruction of evidence', the destruction has to occur in the context of an actual investigation.

In fact, this is why companies have "data retention" policies (which typically have more to do with which data to destroy than which to retain) -- when an investigation does come up, if you already don't have the information and it was destroyed in accordance with standing company policy, then there is normally no recourse agai

In fact, this is why companies have "data retention" policies (which typically have more to do with which data to destroy than which to retain)

That's what Sarbanes-Oxley was about: to make companies start retaining data on purpose. Previously companies attempted to walk the line between destroying everything that could be used against them, and keeping anything that could ever be useful. Now they have a third issue to worry about: legal compliance with data-retention laws.

A law requiring connection of users to addresses is going to be technically unworkable, so if it happens it's a sign that it's time to run for the hills. Or at least another coun

Yes, and as a result there's been about one IPO since SOX was introduced (Rackspace), and their stock immediately tanked. Despite SOX's noble intentions, all it's really done is make the criminals get more creative while giving a lot of companies incentive to stay privately held.

all it's really done is make the criminals get more creative while giving a lot of companies incentive to stay privately held.

I don't have a problem with that last part. The criminals will always get more creative. But if they are prevented from doing it on the backs of shareholders, then something has been gained. Anything that discourages the creation of more public corporations which are beholden to only majority shareholders and legally obligated to turn a profit is okay in my book.

They did nothing wrong, you were the one that did when you decided to torrent a file, not them, they did not twist your arm did they. If i build something and you use it for something of an evil nature, then who is the wrong one here?

Well, these guys have a nuclear bunker for a data-center [datacenterknowledge.com], they probably think that even if the government comes and attacks them, they can just ride it out inside. They'll probably survive even if US decides to blast them with a nuke (I wonder what the rest of the world would think of the USA if that happened though - US blasting an entrance into a datacenter with a thermo-nuclear weapon in a populated Swedish area. Oh well, just pretend there are WMDs in there and anything would go...

Swedish authorities discover that ISPs deleting cutomer ID info has led to them being unable to determine the ID of file sharers, but also child pornographers, terrorists, people threatening suicide, etc.

New laws will be up for debate trying to outlaw deleting this kind of customer ID info, with privacy groups outraged.

(Not advocating anything here, just figuring this is where this is going.)

And how many of you people want government run health care? You think the government will want to keep your health info private?

You goddammed fucking stupid moronic yankee. Only a yankee would be that stupid in his irrational stupid hatred of government.

Everywhere there is GOVERNMENT HEALTH-INSURANCE (repeat: GOVERNMENT HEALTH-INSURANCE), the health info is KEPT PRIVATE (repeat yet again so it goes through your thick cranium: KEPT PRIVATE) because THE FUCKING GOVERNMENT IS ***NOT*** PROVIDING THE HEALTH-CARE, JUST PAYING FOR IT.

And there is NO FUCKING NEED for the insurer to "share" private patient information, BECAUSE EVERYONE GETS THE SAME COVERAGE BY THE SAME INSURER, SO THERE IS NO NEED TO SNOOP IN ORDER TO FIND PRE-EXISTING CONDITIONS (as a manner to be able to deny coverage) BECAUSE PRE-EXISTING CONDITIONS CANNOT BE USED TO DENY COVERAGE (I repeat again: BECAUSE PRE-EXISTING CONDITIONS CANNOT BE USED TO DENY COVERAGE).

After I'd submitted the article, I was contacted by a spokesman for Bahnhof who advised me that they hadn't just "begun" deleting the customer linkage information, that they have been doing it all along. So the report in "The Local" was not exactly accurate.

US Libraries started doing something similar after the passing of the Patriot Act: deleting customer's borrowing history so that their information couldn't be subpoenaed for the data by the government.

A fairly recent round of laws to come into play for all EU member states specifies that data like this must be retained for 6months.

But fuck the legality of it, he may be in the wrong legally, but he's one of the few ISPs in the right morally. It's just a shame more wont stand up across the industry and do this.

I find it odd that the EU recognises that storing people's DNA on a DNA database when they're innocent and haven't been convicted of any crime is clearly wrong, but that on the flip side of it they support the storage of what people did and where on the internet.... even if people are innocent and haven't been convicted of any crime.

It's just a shame they don't understand technology and the implications of their decisions related to it as well as they do real world justice.

It may be some kind of "requirement" for EU member states, but does the EU override the actual laws of Sweden, which he is following? I have a feeling that only Sweden itself can impose its laws on him. At the very least, he seems willing to find out.

Yeah, I'm confused, too. 2006/24/EG is pretty clear that the source of a internet message has to be identifiable for at least 6 month.

OTOH, there's a lawsuit pending against the directive in Ireland and the German constitutional court has granted a temporary injunction against it*, so it maybe not all is lost. It's pretty controversial politically.

* Except in cases of serious crimes, which is how they were able to bust a child porn ring recently. Next thing you know the 5 major German ISPs sign a contract t

Summary got it wrong - AGAIN! They haven't started deleting logs, they've been doing it that way since 1994. This story has been out for a couple days and somehow - in typical Internet fashion - one person got it wrong and everyone else has copied the wrong data. They never saved this data from the beginning because they didn't have to. It's only mentioned now that they're continuing to do what they've done all alone, not that the suddenly started doing something different.